3499 matches found
Malicious code in threading-assistant (PyPI)
Source: kam193 b7b431362a8fc3af245e62278011eb007f0b23eeaa959c3a34bbb959fa549a4c Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...
MAL-2024-12208 Malicious code in assistant-threader (PyPI)
Source: kam193 6dba125172b57e6b24bcd2cc0df076483e1fe36d1969f37e533d611fb6f9d808 Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...
MAL-2024-12363 Malicious code in threading-assistant (PyPI)
Source: kam193 b7b431362a8fc3af245e62278011eb007f0b23eeaa959c3a34bbb959fa549a4c Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...
MAL-2024-12209 Malicious code in assisting-threading (PyPI)
Source: kam193 33605e5f943eacd5d5ab7a4c37625226e2ef072f2fd3dac068b169d58ba1c2c9 Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...
MAL-2024-12362 Malicious code in thethreadingassistant (PyPI)
Source: kam193 762eff7d2ce4176f6050d35736ba93b5853e8519e760522372aced785a146e59 Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to take a webcam photo. Data are sent to a Discord...
CVE-2024-39403 Stored XSS through Webhook module public key configuration
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 29, 2024 to August 4, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...
FreeBSD : Gitlab -- Vulnerabilities (729008b9-54bf-11ef-a61b-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 729008b9-54bf-11ef-a61b-2cf05da270f3 advisory. Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access...
Gitlab -- Vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access; Cross project access of Security policy bot; Advanced search ReDOS in highlight for code results; Denial of Service via banzai pipeline; Denial of service using adoc files; ReDoS in RefMatcher when matching...
GO-2024-3002 Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd...
CVE-2024-39713
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1...
CVE-2024-39713
Summary: CVE-2024-39713 affects Rocket.Chat’s Twilio webhook endpoint and enables Server-Side Request Forgery (SSRF) prior to version 6.10.1. The vulnerability allows an unauthenticated actor to induce the server to make arbitrary outbound requests to internal or external resources. Affected prod...
PT-2024-28648
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 6.10.1. Description: A Server-Side Request Forgery (SSRF) issue affects Rocket.Chat's Twilio webhook endpoint. This allows attackers to redirect requests, potentially risking sensitive data. Approximately 1781 IPs hav...
The vulnerability of the declarative delivery tool for GitOps in Kubernetes Argo CD allows an attacker to trigger a service failure.
The vulnerability of the GitOps continuous delivery tool for Kubernetes, Argo CD, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by sending a specially crafted JSON payload to the /api/webhook endpoint...
CVE-2024-41664 Blind SSRF via Canarytoken Webhook
Canarytokens help track activity and actions on a network. Prior to sha-8ea5315, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytok...